Protecting Airport Baggage Handling Systems from Cyberattack

Protecting Airport Baggage Handling Systems from Cyberattack

Modern airports are marvels of efficiency, moving thousands of bags hourly across miles of conveyor belts, scanners, and sorting systems. These systems are as advanced and sophisticated as any modern manufacturing facility, yet behind this seamless operation lies a growing vulnerability: cyberattacks targeting baggage handling systems (BHS). The critical operational technology (OT) networks, which manage luggage from check-in to cargo holds, are increasingly exposed to ransomware, insider threats, and state-sponsored attacks. Traditional OT security methods, adapted from office IT environments, fail to fully protect these critical systems and the edge devices (e.g. conveyor motors, switching system) that make it function.

Impact of a Baggage Handling System Outage or Cyberattack

A baggage handling system outage can lead to significant operational challenges, including delayed flights, lost or mishandled luggage, and increased frustration among passengers. This disruption can negatively affect the overall efficiency of airport operations and diminish the travel experience for customers. In the case of a cyberattack, there could also be compromised passenger data.

Why Baggage Handling Systems are a Growing Cyber Risk

Unlike traditional IT systems, OT systems like baggage handling infrastructure often run on legacy hardware and software with decades-long lifecycles using communication protocols like Modbus or BACnet, which lack authentication or encryption.  These systems were not originally designed with cyber security in mind, which means that anyone who gains access to the OT network can manipulate the operation of equipment – disrupting normal operation, creating unsafe conditions, or shutting them down.

Limitations of IT-Centric Approaches for OT Security

Not only do legacy OT devices not have built-in security, but they may also not be capable of running modern security methods implemented through firmware updates. There are also security issues with creating a root-of-trust and implementing certificates ,with self-signed certificates injecting additional risk and potential manual update actions. As a result, traditional IT-centric security approaches such as a firewall, network monitoring (looking for anomalies) and microsegmentation have been implemented. These can be effective in limiting the spread and impact of unauthorized access and disruption. However, once a threat actor is inside the network, the OT devices running the BHS are exposed. One way to protect the devices is to implement a zero trust solution that protects each OT device in real-time regardless of where the unauthorized network access originates.

What Is a Zero Trust Overlay Solution for OT Security?

A zero trust overlay solution is an approach to securing legacy OT infrastructure without disrupting operations. A zero trust overlay solution applies the principle of “never trust, always verify” to OT environments by wrapping legacy devices with authentication and without requiring hardware upgrades. Imagine airport security checks applied to data flows: every device, user, and command must prove its legitimacy, regardless of origin.

Zero trust overlays offer a pragmatic path to security that respects OT constraints:

  • No hardware replacement.
  • No network changes (topology or IP addressing)
  • No device reprogramming or testing changes
  • Transparent to the network devices
  • Creates and automatically distributes and renews certificates
  • Authenticates devices
  • Encrypts data traffic

How Zero Trust Overlays Protect Baggage Handling Systems

Since many baggage handling systems use devices that can’t support modern authentication, a zero trust overlay solution solves this by deploying external security gateways that form a secure enclave between each other where only authenticated security gateways can communicate with each other. This protects the OT devices behind the security gateways. If an attacker gets access to the network, even the same network segment from inside the building, the authentication required by zero trust blocks all communication attempts. This 4-min video demonstrates a zero trust overlay solution in action.

Implementing Zero Trust in 3 Steps

  1. Asset Survey
    • Inventory all OT network devices, including legacy PLCs and wireless sensors.
  2. Policy Design
    • Define what enterprise services need access to OT network devices
    • Define what OT devices need to report data to enterprise servers
    • Define least-privilege rules (e.g., “Device type X can’t initiate connections to Device type Y”)
  3. Overlay Deployment
    • Install security gateways to implement authentication and encryption without altering OT equipment firmware
  4. Monitoring
    • Monitor any alerts that may be generated from the security gateways (e.g. an authorized device attempted communication to a protected device)

Future-Proof OT Security for Baggage Handling Systems

As cyberattacks grow more sophisticated, airports must move beyond perimeter firewalls and VPNs for securing baggage handling system OT networks. Zero trust overlays provide a scalable, non-disruptive way to safeguard baggage handling systems, ensuring protection from cyber threat actors. Further improvement will involve support post-quantum (PQ) protection so encryption methods can be deployed today to protect against future threats from quantum computing.

[ hack the airport ] [ #HackTheAirport ]


Blog Post Summary – All of our recent posts listed on one page

Related posts:

District Heating OT SecurityModbus Vulnerabilities Used for Cyberattack on a Heating Utility Protecting Building OT Systems from Cyber ThreatsProtecting Building OT Systems from Cyber Threats Smart Buildings and Connected DevicesThe Importance of Protecting Smart Building Technology from Cyber Threats